xaymar/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

avformat/rtpdec_jpeg: check qtable_len

Browse Source 
Fixes: out of array access
Fixes: 605/pc.py

Based-on patch by depthfirst

*Reporter: Zhenpeng (Leo) Lin at depthfirst*

(cherry picked from commit 91d29be49a)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-04-23 00:23:57 +00:00
parent 26439c3878
commit d84bec2bd6
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libavformat/rtpdec_jpeg.c
+6
View File
@@ -274,6 +274,12 @@ static int jpeg_parse_packet(AVFormatContext *ctx, PayloadContext *jpeg,
av_log(ctx, AV_LOG_WARNING, "Only 8-bit precision is supported.\n"); av_log(ctx, AV_LOG_WARNING, "Only 8-bit precision is supported.\n");
if (qtable_len > 0) { if (qtable_len > 0) {
if (qtable_len != 128) {
av_log(ctx, AV_LOG_ERROR, "Invalid RTP/JPEG packet. Invalid qtable length %d.\n", qtable_len);
if (qtable_len%64 || qtable_len > 4*64)
return AVERROR_INVALIDDATA;
}
if (len < qtable_len) { if (len < qtable_len) {
av_log(ctx, AV_LOG_ERROR, "Too short RTP/JPEG packet.\n"); av_log(ctx, AV_LOG_ERROR, "Too short RTP/JPEG packet.\n");
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;